cvelistv5 - cve-2010-3829

CVE-2010-3829 (GCVE-0-2010-3829)

Vulnerability from cvelistv5 – Published: 2010-11-26 19:00 – Updated: 2024-08-07 03:26

Summary

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

Tags

	http://secunia.com/advisories/43068	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2011/0212	vdb-entryx_refsource_VUPEN
	http://www.vupen.com/english/advisories/2010/3046	vdb-entryx_refsource_VUPEN
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/42314	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id?1024773	vdb-entryx_refsource_SECTRACK
	http://support.apple.com/kb/HT4808	x_refsource_CONFIRM
	http://support.apple.com/kb/HT4456	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:26:11.480Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "43068",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43068"
          },
          {
            "name": "ADV-2011-0212",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0212"
          },
          {
            "name": "ADV-2010-3046",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3046"
          },
          {
            "name": "appleios-mail-information-disclosure(63418)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63418"
          },
          {
            "name": "SUSE-SR:2011:002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
          },
          {
            "name": "42314",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42314"
          },
          {
            "name": "1024773",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024773"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4808"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4456"
          },
          {
            "name": "APPLE-SA-2011-07-20-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
          },
          {
            "name": "APPLE-SA-2010-11-22-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-11-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "name": "43068",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43068"
        },
        {
          "name": "ADV-2011-0212",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0212"
        },
        {
          "name": "ADV-2010-3046",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3046"
        },
        {
          "name": "appleios-mail-information-disclosure(63418)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63418"
        },
        {
          "name": "SUSE-SR:2011:002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
        },
        {
          "name": "42314",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42314"
        },
        {
          "name": "1024773",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024773"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4808"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4456"
        },
        {
          "name": "APPLE-SA-2011-07-20-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
        },
        {
          "name": "APPLE-SA-2010-11-22-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2010-3829",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "43068",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43068"
            },
            {
              "name": "ADV-2011-0212",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0212"
            },
            {
              "name": "ADV-2010-3046",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/3046"
            },
            {
              "name": "appleios-mail-information-disclosure(63418)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63418"
            },
            {
              "name": "SUSE-SR:2011:002",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
            },
            {
              "name": "42314",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42314"
            },
            {
              "name": "1024773",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024773"
            },
            {
              "name": "http://support.apple.com/kb/HT4808",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4808"
            },
            {
              "name": "http://support.apple.com/kb/HT4456",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4456"
            },
            {
              "name": "APPLE-SA-2011-07-20-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
            },
            {
              "name": "APPLE-SA-2010-11-22-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2010-3829",
    "datePublished": "2010-11-26T19:00:00",
    "dateReserved": "2010-10-07T00:00:00",
    "dateUpdated": "2024-08-07T03:26:11.480Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.1\", \"matchCriteriaId\": \"0B13B067-2D11-43F0-94BD-770D423498FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E28FB0CB-D636-4F85-B5F7-70EC30053925\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EC16D1C-065A-4D1A-BA6E-528A71DF65CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"27319629-171F-42AA-A95F-2D71F78097D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"297F9438-0F04-4128-94A8-A504B600929E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8618621-F871-4531-9F6C-7D60F2BF8B75\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"824DED2D-FA1D-46FC-8252-6E25546DAE29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1641DDFA-3BF1-467F-8EC3-98114FF9F07B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF40CDA4-4716-4815-9ED0-093FE266734C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D06D54D-97FD-49FD-B251-CC86FBA68CA6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25A5D868-0016-44AB-80E6-E5DF91F15455\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"863383DA-0BC6-4A96-835A-A96128EC0202\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CFF5BE7-2BF6-48CE-B74B-B1A05383C10F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51D3BE2B-5A01-4AD4-A436-0056B50A535D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A20F171-79FE-43B9-8309-B18341639FA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"126EF22D-29BC-4366-97BC-B261311E6251\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B3DD7B3-DA4C-4B0A-A94E-6BF66B358B7D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A939B80-0AD0-48AF-81A7-370716F56639\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D28528CE-4943-4F82-80C0-A629DA3E6702\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"12E22AF0-2B66-425A-A1EE-4F0E3B0433E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB34ECBE-33E8-40E1-936B-7800D2525AE6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"107C59BE-D8CF-4A17-8DFB-BED2AB12388D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813.\"}, {\"lang\": \"es\", \"value\": \"WebKit en Apple iOS anterior a v4.2 permite a atacantes remotos evitar el ajuste de carga de im\\u00e1genes remotas en mensajes a trav\\u00e9s de un elemento HTML LINK con una propiedad DNS prefetching, como lo demuestra un mensaje de correo electr\\u00f3nico HTML que utiliza un elemento LINK para la funcionalidad X-Confirm-Reading-To, un problema relacionado con CVE-2010-3813.\"}]",
      "id": "CVE-2010-3829",
      "lastModified": "2024-11-21T01:19:42.187",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:N\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2010-11-26T20:00:03.063",
      "references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://secunia.com/advisories/42314\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://secunia.com/advisories/43068\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://support.apple.com/kb/HT4456\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://support.apple.com/kb/HT4808\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://www.securitytracker.com/id?1024773\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/3046\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0212\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/63418\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/42314\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/43068\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.apple.com/kb/HT4456\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://support.apple.com/kb/HT4808\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1024773\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/3046\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0212\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/63418\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-3829\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2010-11-26T20:00:03.063\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813.\"},{\"lang\":\"es\",\"value\":\"WebKit en Apple iOS anterior a v4.2 permite a atacantes remotos evitar el ajuste de carga de im\u00e1genes remotas en mensajes a trav\u00e9s de un elemento HTML LINK con una propiedad DNS prefetching, como lo demuestra un mensaje de correo electr\u00f3nico HTML que utiliza un elemento LINK para la funcionalidad X-Confirm-Reading-To, un problema relacionado con CVE-2010-3813.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.1\",\"matchCriteriaId\":\"0B13B067-2D11-43F0-94BD-770D423498FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E28FB0CB-D636-4F85-B5F7-70EC30053925\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EC16D1C-065A-4D1A-BA6E-528A71DF65CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27319629-171F-42AA-A95F-2D71F78097D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"297F9438-0F04-4128-94A8-A504B600929E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8618621-F871-4531-9F6C-7D60F2BF8B75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"824DED2D-FA1D-46FC-8252-6E25546DAE29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1641DDFA-3BF1-467F-8EC3-98114FF9F07B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF40CDA4-4716-4815-9ED0-093FE266734C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D06D54D-97FD-49FD-B251-CC86FBA68CA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25A5D868-0016-44AB-80E6-E5DF91F15455\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"863383DA-0BC6-4A96-835A-A96128EC0202\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CFF5BE7-2BF6-48CE-B74B-B1A05383C10F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51D3BE2B-5A01-4AD4-A436-0056B50A535D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A20F171-79FE-43B9-8309-B18341639FA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"126EF22D-29BC-4366-97BC-B261311E6251\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B3DD7B3-DA4C-4B0A-A94E-6BF66B358B7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A939B80-0AD0-48AF-81A7-370716F56639\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D28528CE-4943-4F82-80C0-A629DA3E6702\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12E22AF0-2B66-425A-A1EE-4F0E3B0433E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB34ECBE-33E8-40E1-936B-7800D2525AE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"107C59BE-D8CF-4A17-8DFB-BED2AB12388D\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://secunia.com/advisories/42314\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://secunia.com/advisories/43068\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://support.apple.com/kb/HT4456\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4808\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://www.securitytracker.com/id?1024773\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/3046\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0212\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/63418\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/42314\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/43068\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT4456\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4808\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1024773\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/3046\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0212\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/63418\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2011-AVI-403

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été identifiées dans Safari. Ces vulnérabilités peuvent notamment être utilisées par une personne malveillante distante afin d'exécuter du code arbitraire.

Description

De multiples vulnérabilités ont été corrigées dans Safari. Ces vulnérabilités affectent entre autres les composants CFNetwork, ColorSync, ImageIO, libxslt et WebKit. Elles peuvent être exploitées par une personne malveillante distante pour faire exécuter du code arbitraire, contourner la politique de sécurité ou porter atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Safari 5.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4808 du 20 juillet 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eSafari 5.x.\u003c/p\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Safari. Ces\nvuln\u00e9rabilit\u00e9s affectent entre autres les composants CFNetwork,\nColorSync, ImageIO, libxslt et WebKit. Elles peuvent \u00eatre exploit\u00e9es par\nune personne malveillante distante pour faire ex\u00e9cuter du code\narbitraire, contourner la politique de s\u00e9curit\u00e9 ou porter atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1204"
    },
    {
      "name": "CVE-2011-1117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1117"
    },
    {
      "name": "CVE-2011-0195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0195"
    },
    {
      "name": "CVE-2011-0237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0237"
    },
    {
      "name": "CVE-2011-0983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0983"
    },
    {
      "name": "CVE-2011-0200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0200"
    },
    {
      "name": "CVE-2010-1823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1823"
    },
    {
      "name": "CVE-2011-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
    },
    {
      "name": "CVE-2011-1774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1774"
    },
    {
      "name": "CVE-2011-0240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0240"
    },
    {
      "name": "CVE-2011-0255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0255"
    },
    {
      "name": "CVE-2011-1190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1190"
    },
    {
      "name": "CVE-2011-1188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1188"
    },
    {
      "name": "CVE-2011-0253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0253"
    },
    {
      "name": "CVE-2011-0233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0233"
    },
    {
      "name": "CVE-2010-1383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1383"
    },
    {
      "name": "CVE-2011-1115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1115"
    },
    {
      "name": "CVE-2011-0244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0244"
    },
    {
      "name": "CVE-2011-1296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1296"
    },
    {
      "name": "CVE-2011-0202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0202"
    },
    {
      "name": "CVE-2011-0164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0164"
    },
    {
      "name": "CVE-2011-0981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0981"
    },
    {
      "name": "CVE-2011-0254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0254"
    },
    {
      "name": "CVE-2011-0238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0238"
    },
    {
      "name": "CVE-2011-1295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1295"
    },
    {
      "name": "CVE-2011-0222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0222"
    },
    {
      "name": "CVE-2011-1121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1121"
    },
    {
      "name": "CVE-2011-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0217"
    },
    {
      "name": "CVE-2011-0219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0219"
    },
    {
      "name": "CVE-2011-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0215"
    },
    {
      "name": "CVE-2011-1797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1797"
    },
    {
      "name": "CVE-2011-0206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0206"
    },
    {
      "name": "CVE-2011-1451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1451"
    },
    {
      "name": "CVE-2010-3829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3829"
    },
    {
      "name": "CVE-2011-0232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0232"
    },
    {
      "name": "CVE-2011-0214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0214"
    },
    {
      "name": "CVE-2011-1288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1288"
    },
    {
      "name": "CVE-2011-0241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0241"
    },
    {
      "name": "CVE-2011-1203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1203"
    },
    {
      "name": "CVE-2010-1420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1420"
    },
    {
      "name": "CVE-2011-0242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0242"
    },
    {
      "name": "CVE-2011-0204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0204"
    },
    {
      "name": "CVE-2011-1293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1293"
    },
    {
      "name": "CVE-2011-0234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0234"
    },
    {
      "name": "CVE-2011-1449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1449"
    },
    {
      "name": "CVE-2011-0201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0201"
    },
    {
      "name": "CVE-2011-1457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1457"
    },
    {
      "name": "CVE-2011-0235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0235"
    },
    {
      "name": "CVE-2011-0225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0225"
    },
    {
      "name": "CVE-2011-1114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1114"
    },
    {
      "name": "CVE-2011-1109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1109"
    },
    {
      "name": "CVE-2011-0221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0221"
    },
    {
      "name": "CVE-2011-0223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0223"
    },
    {
      "name": "CVE-2011-1462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1462"
    },
    {
      "name": "CVE-2011-1453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1453"
    },
    {
      "name": "CVE-2011-0218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0218"
    },
    {
      "name": "CVE-2011-1107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1107"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-403",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-07-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans Safari. Ces\nvuln\u00e9rabilit\u00e9s peuvent notamment \u00eatre utilis\u00e9es par une personne\nmalveillante distante afin d\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Safari",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4808 du 20 juillet 2011",
      "url": "http://support.apple.com/kb/HT4808"
    }
  ]
}

CERTA-2010-AVI-565

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités affectent Apple iOS. Certaines permettent l'exécution de code arbitraire à distance.

Description

De multiples vulnérabilités ont été corrigées dans différents composants du système d'exploitation Apple iOS, notamment dans :

Configuration Profiles ;
CoreGraphics ;
FreeType ;
iAd Content Display ;
ImageIO ;
libxml ;
Mail ;
Networking ;
OfficeImport ;
Photos ;
Safari ;
Telephony ;
WebKit.

Parmi ces vulnérabilités, certaines permettent l'exécution de code arbitraire à distance, des dénis de service à distance ainsi que l'atteinte à la confidentialité des données sur les produits Apple embarquant le système d'exploitation iOS.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple iOS versions 4.1 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4456 du 22 novembre 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cSPAN class=\"textit\"\u003eApple iOS\u003c/SPAN\u003e  versions 4.1 et ant\u00e9rieures.",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans diff\u00e9rents composants\ndu syst\u00e8me d\u0027exploitation Apple iOS, notamment dans :\n\n-   Configuration Profiles ;\n-   CoreGraphics ;\n-   FreeType ;\n-   iAd Content Display ;\n-   ImageIO ;\n-   libxml ;\n-   Mail ;\n-   Networking ;\n-   OfficeImport ;\n-   Photos ;\n-   Safari ;\n-   Telephony ;\n-   WebKit.\n\nParmi ces vuln\u00e9rabilit\u00e9s, certaines permettent l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance, des d\u00e9nis de service \u00e0 distance ainsi que\nl\u0027atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es sur les produits Apple\nembarquant le syst\u00e8me d\u0027exploitation iOS.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-1408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1408"
    },
    {
      "name": "CVE-2010-1407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1407"
    },
    {
      "name": "CVE-2010-1784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1784"
    },
    {
      "name": "CVE-2010-1791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1791"
    },
    {
      "name": "CVE-2010-1782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1782"
    },
    {
      "name": "CVE-2010-1387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1387"
    },
    {
      "name": "CVE-2010-1822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1822"
    },
    {
      "name": "CVE-2010-3821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3821"
    },
    {
      "name": "CVE-2010-3824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3824"
    },
    {
      "name": "CVE-2010-1418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1418"
    },
    {
      "name": "CVE-2010-3832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3832"
    },
    {
      "name": "CVE-2010-3819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3819"
    },
    {
      "name": "CVE-2010-3804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3804"
    },
    {
      "name": "CVE-2010-1403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1403"
    },
    {
      "name": "CVE-2010-1770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1770"
    },
    {
      "name": "CVE-2010-3822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3822"
    },
    {
      "name": "CVE-2010-3259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3259"
    },
    {
      "name": "CVE-2010-1414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1414"
    },
    {
      "name": "CVE-2010-3813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3813"
    },
    {
      "name": "CVE-2010-1807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1807"
    },
    {
      "name": "CVE-2010-3803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3803"
    },
    {
      "name": "CVE-2010-3812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3812"
    },
    {
      "name": "CVE-2010-3831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3831"
    },
    {
      "name": "CVE-2009-1707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1707"
    },
    {
      "name": "CVE-2010-2249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2249"
    },
    {
      "name": "CVE-2010-1771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1771"
    },
    {
      "name": "CVE-2010-3809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3809"
    },
    {
      "name": "CVE-2010-3820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3820"
    },
    {
      "name": "CVE-2010-1813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1813"
    },
    {
      "name": "CVE-2010-0042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0042"
    },
    {
      "name": "CVE-2010-3816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3816"
    },
    {
      "name": "CVE-2010-1789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1789"
    },
    {
      "name": "CVE-2010-1764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1764"
    },
    {
      "name": "CVE-2010-1788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1788"
    },
    {
      "name": "CVE-2010-3826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3826"
    },
    {
      "name": "CVE-2010-1410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1410"
    },
    {
      "name": "CVE-2010-3810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3810"
    },
    {
      "name": "CVE-2010-1205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1205"
    },
    {
      "name": "CVE-2010-3830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3830"
    },
    {
      "name": "CVE-2010-3786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3786"
    },
    {
      "name": "CVE-2010-1793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1793"
    },
    {
      "name": "CVE-2010-1786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1786"
    },
    {
      "name": "CVE-2010-0544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0544"
    },
    {
      "name": "CVE-2010-3829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3829"
    },
    {
      "name": "CVE-2010-1785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1785"
    },
    {
      "name": "CVE-2010-1783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1783"
    },
    {
      "name": "CVE-2010-1416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1416"
    },
    {
      "name": "CVE-2010-3817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3817"
    },
    {
      "name": "CVE-2010-3814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3814"
    },
    {
      "name": "CVE-2010-3808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3808"
    },
    {
      "name": "CVE-2010-1394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1394"
    },
    {
      "name": "CVE-2010-3116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3116"
    },
    {
      "name": "CVE-2010-1405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1405"
    },
    {
      "name": "CVE-2010-3805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3805"
    },
    {
      "name": "CVE-2010-0051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0051"
    },
    {
      "name": "CVE-2010-1806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1806"
    },
    {
      "name": "CVE-2010-1757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1757"
    },
    {
      "name": "CVE-2010-1422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1422"
    },
    {
      "name": "CVE-2010-3828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3828"
    },
    {
      "name": "CVE-2010-3827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3827"
    },
    {
      "name": "CVE-2010-1758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1758"
    },
    {
      "name": "CVE-2010-1843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1843"
    },
    {
      "name": "CVE-2010-2808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2808"
    },
    {
      "name": "CVE-2010-1781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1781"
    },
    {
      "name": "CVE-2010-2805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2805"
    },
    {
      "name": "CVE-2010-3818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3818"
    },
    {
      "name": "CVE-2010-1415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1415"
    },
    {
      "name": "CVE-2010-3053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3053"
    },
    {
      "name": "CVE-2010-4008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
    },
    {
      "name": "CVE-2010-3257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3257"
    },
    {
      "name": "CVE-2010-3823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3823"
    },
    {
      "name": "CVE-2010-3054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3054"
    },
    {
      "name": "CVE-2010-1421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1421"
    },
    {
      "name": "CVE-2010-1417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1417"
    },
    {
      "name": "CVE-2010-2806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2806"
    },
    {
      "name": "CVE-2010-3811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3811"
    },
    {
      "name": "CVE-2010-1812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1812"
    },
    {
      "name": "CVE-2010-1811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1811"
    },
    {
      "name": "CVE-2010-1392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1392"
    },
    {
      "name": "CVE-2010-1780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1780"
    },
    {
      "name": "CVE-2010-1814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1814"
    },
    {
      "name": "CVE-2010-1815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1815"
    },
    {
      "name": "CVE-2010-1787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1787"
    },
    {
      "name": "CVE-2010-2807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2807"
    },
    {
      "name": "CVE-2010-1384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1384"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-565",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-11-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s affectent \u003cspan class=\"textit\"\u003eApple\niOS\u003c/span\u003e. Certaines permettent l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4456 du 22 novembre 2010",
      "url": "http://support.apple.com/kb/HT4456"
    }
  ]
}

CERTA-2011-AVI-403

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été identifiées dans Safari. Ces vulnérabilités peuvent notamment être utilisées par une personne malveillante distante afin d'exécuter du code arbitraire.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Safari 5.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4808 du 20 juillet 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eSafari 5.x.\u003c/p\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Safari. Ces\nvuln\u00e9rabilit\u00e9s affectent entre autres les composants CFNetwork,\nColorSync, ImageIO, libxslt et WebKit. Elles peuvent \u00eatre exploit\u00e9es par\nune personne malveillante distante pour faire ex\u00e9cuter du code\narbitraire, contourner la politique de s\u00e9curit\u00e9 ou porter atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1204"
    },
    {
      "name": "CVE-2011-1117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1117"
    },
    {
      "name": "CVE-2011-0195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0195"
    },
    {
      "name": "CVE-2011-0237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0237"
    },
    {
      "name": "CVE-2011-0983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0983"
    },
    {
      "name": "CVE-2011-0200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0200"
    },
    {
      "name": "CVE-2010-1823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1823"
    },
    {
      "name": "CVE-2011-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
    },
    {
      "name": "CVE-2011-1774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1774"
    },
    {
      "name": "CVE-2011-0240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0240"
    },
    {
      "name": "CVE-2011-0255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0255"
    },
    {
      "name": "CVE-2011-1190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1190"
    },
    {
      "name": "CVE-2011-1188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1188"
    },
    {
      "name": "CVE-2011-0253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0253"
    },
    {
      "name": "CVE-2011-0233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0233"
    },
    {
      "name": "CVE-2010-1383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1383"
    },
    {
      "name": "CVE-2011-1115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1115"
    },
    {
      "name": "CVE-2011-0244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0244"
    },
    {
      "name": "CVE-2011-1296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1296"
    },
    {
      "name": "CVE-2011-0202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0202"
    },
    {
      "name": "CVE-2011-0164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0164"
    },
    {
      "name": "CVE-2011-0981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0981"
    },
    {
      "name": "CVE-2011-0254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0254"
    },
    {
      "name": "CVE-2011-0238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0238"
    },
    {
      "name": "CVE-2011-1295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1295"
    },
    {
      "name": "CVE-2011-0222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0222"
    },
    {
      "name": "CVE-2011-1121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1121"
    },
    {
      "name": "CVE-2011-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0217"
    },
    {
      "name": "CVE-2011-0219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0219"
    },
    {
      "name": "CVE-2011-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0215"
    },
    {
      "name": "CVE-2011-1797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1797"
    },
    {
      "name": "CVE-2011-0206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0206"
    },
    {
      "name": "CVE-2011-1451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1451"
    },
    {
      "name": "CVE-2010-3829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3829"
    },
    {
      "name": "CVE-2011-0232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0232"
    },
    {
      "name": "CVE-2011-0214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0214"
    },
    {
      "name": "CVE-2011-1288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1288"
    },
    {
      "name": "CVE-2011-0241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0241"
    },
    {
      "name": "CVE-2011-1203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1203"
    },
    {
      "name": "CVE-2010-1420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1420"
    },
    {
      "name": "CVE-2011-0242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0242"
    },
    {
      "name": "CVE-2011-0204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0204"
    },
    {
      "name": "CVE-2011-1293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1293"
    },
    {
      "name": "CVE-2011-0234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0234"
    },
    {
      "name": "CVE-2011-1449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1449"
    },
    {
      "name": "CVE-2011-0201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0201"
    },
    {
      "name": "CVE-2011-1457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1457"
    },
    {
      "name": "CVE-2011-0235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0235"
    },
    {
      "name": "CVE-2011-0225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0225"
    },
    {
      "name": "CVE-2011-1114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1114"
    },
    {
      "name": "CVE-2011-1109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1109"
    },
    {
      "name": "CVE-2011-0221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0221"
    },
    {
      "name": "CVE-2011-0223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0223"
    },
    {
      "name": "CVE-2011-1462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1462"
    },
    {
      "name": "CVE-2011-1453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1453"
    },
    {
      "name": "CVE-2011-0218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0218"
    },
    {
      "name": "CVE-2011-1107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1107"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-403",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-07-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans Safari. Ces\nvuln\u00e9rabilit\u00e9s peuvent notamment \u00eatre utilis\u00e9es par une personne\nmalveillante distante afin d\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Safari",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4808 du 20 juillet 2011",
      "url": "http://support.apple.com/kb/HT4808"
    }
  ]
}

CERTA-2010-AVI-565

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités affectent Apple iOS. Certaines permettent l'exécution de code arbitraire à distance.

Description

De multiples vulnérabilités ont été corrigées dans différents composants du système d'exploitation Apple iOS, notamment dans :

Configuration Profiles ;
CoreGraphics ;
FreeType ;
iAd Content Display ;
ImageIO ;
libxml ;
Mail ;
Networking ;
OfficeImport ;
Photos ;
Safari ;
Telephony ;
WebKit.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple iOS versions 4.1 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4456 du 22 novembre 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cSPAN class=\"textit\"\u003eApple iOS\u003c/SPAN\u003e  versions 4.1 et ant\u00e9rieures.",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans diff\u00e9rents composants\ndu syst\u00e8me d\u0027exploitation Apple iOS, notamment dans :\n\n-   Configuration Profiles ;\n-   CoreGraphics ;\n-   FreeType ;\n-   iAd Content Display ;\n-   ImageIO ;\n-   libxml ;\n-   Mail ;\n-   Networking ;\n-   OfficeImport ;\n-   Photos ;\n-   Safari ;\n-   Telephony ;\n-   WebKit.\n\nParmi ces vuln\u00e9rabilit\u00e9s, certaines permettent l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance, des d\u00e9nis de service \u00e0 distance ainsi que\nl\u0027atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es sur les produits Apple\nembarquant le syst\u00e8me d\u0027exploitation iOS.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-1408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1408"
    },
    {
      "name": "CVE-2010-1407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1407"
    },
    {
      "name": "CVE-2010-1784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1784"
    },
    {
      "name": "CVE-2010-1791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1791"
    },
    {
      "name": "CVE-2010-1782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1782"
    },
    {
      "name": "CVE-2010-1387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1387"
    },
    {
      "name": "CVE-2010-1822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1822"
    },
    {
      "name": "CVE-2010-3821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3821"
    },
    {
      "name": "CVE-2010-3824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3824"
    },
    {
      "name": "CVE-2010-1418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1418"
    },
    {
      "name": "CVE-2010-3832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3832"
    },
    {
      "name": "CVE-2010-3819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3819"
    },
    {
      "name": "CVE-2010-3804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3804"
    },
    {
      "name": "CVE-2010-1403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1403"
    },
    {
      "name": "CVE-2010-1770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1770"
    },
    {
      "name": "CVE-2010-3822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3822"
    },
    {
      "name": "CVE-2010-3259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3259"
    },
    {
      "name": "CVE-2010-1414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1414"
    },
    {
      "name": "CVE-2010-3813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3813"
    },
    {
      "name": "CVE-2010-1807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1807"
    },
    {
      "name": "CVE-2010-3803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3803"
    },
    {
      "name": "CVE-2010-3812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3812"
    },
    {
      "name": "CVE-2010-3831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3831"
    },
    {
      "name": "CVE-2009-1707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1707"
    },
    {
      "name": "CVE-2010-2249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2249"
    },
    {
      "name": "CVE-2010-1771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1771"
    },
    {
      "name": "CVE-2010-3809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3809"
    },
    {
      "name": "CVE-2010-3820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3820"
    },
    {
      "name": "CVE-2010-1813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1813"
    },
    {
      "name": "CVE-2010-0042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0042"
    },
    {
      "name": "CVE-2010-3816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3816"
    },
    {
      "name": "CVE-2010-1789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1789"
    },
    {
      "name": "CVE-2010-1764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1764"
    },
    {
      "name": "CVE-2010-1788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1788"
    },
    {
      "name": "CVE-2010-3826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3826"
    },
    {
      "name": "CVE-2010-1410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1410"
    },
    {
      "name": "CVE-2010-3810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3810"
    },
    {
      "name": "CVE-2010-1205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1205"
    },
    {
      "name": "CVE-2010-3830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3830"
    },
    {
      "name": "CVE-2010-3786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3786"
    },
    {
      "name": "CVE-2010-1793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1793"
    },
    {
      "name": "CVE-2010-1786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1786"
    },
    {
      "name": "CVE-2010-0544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0544"
    },
    {
      "name": "CVE-2010-3829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3829"
    },
    {
      "name": "CVE-2010-1785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1785"
    },
    {
      "name": "CVE-2010-1783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1783"
    },
    {
      "name": "CVE-2010-1416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1416"
    },
    {
      "name": "CVE-2010-3817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3817"
    },
    {
      "name": "CVE-2010-3814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3814"
    },
    {
      "name": "CVE-2010-3808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3808"
    },
    {
      "name": "CVE-2010-1394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1394"
    },
    {
      "name": "CVE-2010-3116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3116"
    },
    {
      "name": "CVE-2010-1405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1405"
    },
    {
      "name": "CVE-2010-3805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3805"
    },
    {
      "name": "CVE-2010-0051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0051"
    },
    {
      "name": "CVE-2010-1806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1806"
    },
    {
      "name": "CVE-2010-1757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1757"
    },
    {
      "name": "CVE-2010-1422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1422"
    },
    {
      "name": "CVE-2010-3828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3828"
    },
    {
      "name": "CVE-2010-3827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3827"
    },
    {
      "name": "CVE-2010-1758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1758"
    },
    {
      "name": "CVE-2010-1843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1843"
    },
    {
      "name": "CVE-2010-2808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2808"
    },
    {
      "name": "CVE-2010-1781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1781"
    },
    {
      "name": "CVE-2010-2805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2805"
    },
    {
      "name": "CVE-2010-3818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3818"
    },
    {
      "name": "CVE-2010-1415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1415"
    },
    {
      "name": "CVE-2010-3053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3053"
    },
    {
      "name": "CVE-2010-4008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
    },
    {
      "name": "CVE-2010-3257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3257"
    },
    {
      "name": "CVE-2010-3823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3823"
    },
    {
      "name": "CVE-2010-3054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3054"
    },
    {
      "name": "CVE-2010-1421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1421"
    },
    {
      "name": "CVE-2010-1417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1417"
    },
    {
      "name": "CVE-2010-2806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2806"
    },
    {
      "name": "CVE-2010-3811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3811"
    },
    {
      "name": "CVE-2010-1812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1812"
    },
    {
      "name": "CVE-2010-1811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1811"
    },
    {
      "name": "CVE-2010-1392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1392"
    },
    {
      "name": "CVE-2010-1780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1780"
    },
    {
      "name": "CVE-2010-1814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1814"
    },
    {
      "name": "CVE-2010-1815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1815"
    },
    {
      "name": "CVE-2010-1787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1787"
    },
    {
      "name": "CVE-2010-2807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2807"
    },
    {
      "name": "CVE-2010-1384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1384"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-565",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-11-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s affectent \u003cspan class=\"textit\"\u003eApple\niOS\u003c/span\u003e. Certaines permettent l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4456 du 22 novembre 2010",
      "url": "http://support.apple.com/kb/HT4456"
    }
  ]
}

VAR-201011-0051

Vulnerability from variot - Updated: 2023-12-18 11:36

WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813. WebKit is prone to a security-bypass vulnerability. Attackers can exploit this issue by enticing an unsuspecting user into viewing a malicious email. Successful exploits will allow clients to send requests to attacker-specified servers which helps attackers determine whether the email message was viewed or not. Apple iOS is the most advanced mobile operating system from Apple. Permissions and access control vulnerabilities exist in WebKit in versions prior to Apple iOS 4.2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6

Safari 5.1 and Safari 5.0.6 are now available and address the following:

CFNetwork Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: In certain situations, Safari may treat a file as HTML, even if it is served with the 'text/plain' content type. This may lead to a cross-site scripting attack on sites that allow untrusted users to post text files. This issue is addressed through improved handling of 'text/plain' content. CVE-ID CVE-2010-1420 : Hidetake Jo working with Microsoft Vulnerability Research (MSVR), Neal Poole of Matasano Security

CFNetwork Available for: Windows 7, Vista, XP SP2 or later Impact: Authenticating to a maliciously crafted website may lead to arbitrary code execution Description: The NTLM authentication protocol is susceptible to a replay attack referred to as credential reflection. Authenticating to a maliciously crafted website may lead to arbitrary code execution. To mitigate this issue, Safari has been updated to utilize protection mechanisms recently added to Windows. This issue does not affect Mac OS X systems. CVE-ID CVE-2010-1383 : Takehiro Takahashi of IBM X-Force Research

CFNetwork Available for: Windows 7, Vista, XP SP2 or later Impact: A root certificate that is disabled may still be trusted Description: CFNetwork did not properly validate that a certificate was trusted for use by a SSL server. As a result, if the user had marked a system root certificate as not trusted, Safari would still accept certificates signed by that root. This issue is addressed through improved certificate validation. This issue does not affect Mac OS X systems. CVE-ID CVE-2011-0214 : An anonymous reporter

ColorSync Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of images with an embedded ColorSync profile, which may lead to a heap buffer overflow. Opening a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2011-004. CVE-ID CVE-2011-0200 : binaryproof working with TippingPoint's Zero Day Initiative

CoreFoundation Available for: Windows 7, Vista, XP SP2 or later Impact: Applications that use the CoreFoundation framework may be vulnerable to an unexpected application termination or arbitrary code execution Description: An off-by-one buffer overflow issue existed in the handling of CFStrings. Applications that use the CoreFoundation framework may be vulnerable to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. CVE-ID CVE-2011-0201 : Harry Sintonen

CoreGraphics Available for: Windows 7, Vista, XP SP2 or later Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow issue existed in the handling of Type 1 fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2011-004. CVE-ID CVE-2011-0202 : Cristian Draghici of Modulo Consulting, Felix Grobert of the Google Security Team

International Components for Unicode Available for: Windows 7, Vista, XP SP2 or later Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution Description: A buffer overflow issue existed in ICU's handling of uppercase strings. Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. CVE-ID CVE-2011-0206 : David Bienvenu of Mozilla

ImageIO Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2011-004. CVE-ID CVE-2011-0204 : Dominic Chell of NGS Secure

ImageIO Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in ImageIO's handling of CCITT Group 4 encoded TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies

ImageIO Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A reentrancy issue existed in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X systems. CVE-ID CVE-2011-0215 : Juan Pablo Lopez Yacubian working with iDefense VCP

libxslt Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to the disclosure of addresses on the heap Description: libxslt's implementation of the generate-id() XPath function disclosed the address of a heap buffer. Visiting a maliciously crafted website may lead to the disclosure of addresses on the heap. This issue is addressed by generating an ID based on the difference between the addresses of two heap buffers. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2011-004. CVE-ID CVE-2011-0195 : Chris Evans of the Google Chrome Security Team

libxml Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A one-byte heap buffer overflow existed in libxml's handling of XML data. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2011-0216 : Billy Rios of the Google Security Team

Safari Available for: Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: If the "AutoFill web forms" feature is enabled, visiting a maliciously crafted website and typing may lead to the disclosure of information from the user's Address Book Description: Safari's "AutoFill web forms" feature filled in non- visible form fields, and the information was accessible by scripts on the site before the user submitted the form. This issue is addressed by displaying all fields that will be filled, and requiring the user's consent before AutoFill information is available to the form. CVE-ID CVE-2011-0217 : Florian Rienhardt of BSI, Alex Lambert, [Jeremiah Grossman]

Safari Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: With a certain Java configuration, visiting a malicious website may lead to unexpected text being displayed on other sites Description: A cross origin issue existed in the handling of Java Applets. This applies when Java is enabled in Safari, and Java is configured to run within the browser process. Fonts loaded by a Java applet could affect the display of text content from other sites. This issue is addressed by running Java applets in a separate process. CVE-ID CVE-2011-0219 : Joshua Smith of Kaon Interactive

WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2010-1823 : David Weston of Microsoft and Microsoft Vulnerability Research (MSVR), wushi of team509, and Yong Li of Research In Motion Ltd CVE-2011-0164 : Apple CVE-2011-0218 : SkyLined of Google Chrome Security Team CVE-2011-0221 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0222 : Nikita Tarakanov and Alex Bazhanyuk of the CISS Research Team, and Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0223 : Jose A. Vazquez of spa-s3c.blogspot.com working with iDefense VCP CVE-2011-0225 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0232 : J23 working with TippingPoint's Zero Day Initiative CVE-2011-0233 : wushi of team509 working with TippingPoint's Zero Day Initiative CVE-2011-0234 : Rob King working with TippingPoint's Zero Day Initiative, wushi of team509 working with TippingPoint's Zero Day Initiative, wushi of team509 working with iDefense VCP CVE-2011-0235 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0237 : wushi of team509 working with iDefense VCP CVE-2011-0238 : Adam Barth of Google Chrome Security Team CVE-2011-0240 : wushi of team509 working with iDefense VCP CVE-2011-0253 : Richard Keen CVE-2011-0254 : An anonymous researcher working with TippingPoint's Zero Day Initiative CVE-2011-0255 : An anonymous researcher working with TippingPoint's Zero Day Initiative CVE-2011-0981 : Rik Cabanier of Adobe Systems, Inc CVE-2011-0983 : Martin Barbella CVE-2011-1109 : Sergey Glazunov CVE-2011-1114 : Martin Barbella CVE-2011-1115 : Martin Barbella CVE-2011-1117 : wushi of team509 CVE-2011-1121 : miaubiz CVE-2011-1188 : Martin Barbella CVE-2011-1203 : Sergey Glazunov CVE-2011-1204 : Sergey Glazunov CVE-2011-1288 : Andreas Kling of Nokia CVE-2011-1293 : Sergey Glazunov CVE-2011-1296 : Sergey Glazunov CVE-2011-1449 : Marek Majkowski, wushi of team 509 working with iDefense VCP CVE-2011-1451 : Sergey Glazunov CVE-2011-1453 : wushi of team509 working with TippingPoint's Zero Day Initiative CVE-2011-1457 : John Knottenbelt of Google CVE-2011-1462 : wushi of team509 CVE-2011-1797 : wushi of team509

WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A configuration issue existed in WebKit's use of libxslt. Visiting a maliciously crafted website may lead to arbitrary files being created with the privileges of the user, which may lead to arbitrary code execution. This issue is addressed through improved libxslt security settings. CVE-ID CVE-2011-1774 : Nicolas Gregoire of Agarri

WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an information disclosure Description: A cross-origin issue existed in the handling of Web Workers. Visiting a maliciously crafted website may lead to an information disclosure. CVE-ID CVE-2011-1190 : Daniel Divricean of divricean.ro

WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-origin issue existed in the handling of URLs with an embedded username. Visiting a maliciously crafted website may lead to a cross-site scripting attack. This issue is addressed through improved handling of URLs with an embedded username. CVE-ID CVE-2011-0242 : Jobert Abma of Online24

WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-origin issue existed in the handling of DOM nodes. Visiting a maliciously crafted website may lead to a cross- site scripting attack. CVE-ID CVE-2011-1295 : Sergey Glazunov

WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: A maliciously crafted website may be able to cause a different URL to be shown in the address bar Description: A URL spoofing issue existed in the handling of the DOM history object. A maliciously crafted website may have been able to cause a different URL to be shown in the address bar. CVE-ID CVE-2011-1107 : Jordi Chancel

WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Subscribing to a maliciously crafted RSS feed and clicking on a link within it may lead to an information disclosure Description: A canonicalization issue existed in the handling of URLs. Subscribing to a maliciously crafted RSS feed and clicking on a link within it may lead to arbitrary files being sent from the user's system to a remote server. This update addresses the issue through improved handling of URLs. CVE-ID CVE-2011-0244 : Jason Hullinger

WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Applications that use WebKit, such as mail clients, may connect to an arbitrary DNS server upon processing HTML content Description: DNS prefetching was enabled by default in WebKit. Applications that use WebKit, such a s mail clients, may connect to an arbitrary DNS server upon processing HTML content. This update addresses the issue by requiring applications to opt in to DNS prefetching. CVE-ID CVE-2010-3829 : Mike Cardwell of Cardwell IT Ltd.

Note: Safari 5.1 is included with OS X Lion.

Safari 5.1 and Safari 5.0.6 address the same set of security issues. Safari 5.1 is provided for Mac OS X v10.6, and Windows systems. Safari 5.0.6 is provided for Mac OS X v10.5 systems.

Safari 5.1 is available via the Apple Software Update application, or Apple's Safari download site at: http://www.apple.com/safari/download/

Safari 5.0.6 is available via the Apple Software Update application, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

Safari for Mac OS X v10.6.8 and later The download file is named: Safari5.1SnowLeopard.dmg Its SHA-1 digest is: 2c3cef8e06c5aa586379b1a5fd5cf7b54e8acc24

Safari for Mac OS X v10.5.8 The download file is named: Safari5.0.6Leopard.dmg Its SHA-1 digest is: ea970375d2116a7b74094a2a7669bebc306b6e6f

Safari for Windows 7, Vista or XP The download file is named: SafariSetup.exe Its SHA-1 digest is: d00b791c694b1ecfc22d6a1ec9aa21cc14fd8e36

Safari for Windows 7, Vista or XP from the Microsoft Choice Screen The download file is named: Safari_Setup.exe Its SHA-1 digest is: ccb3bb6b06468a430171d9f62708a1a6d917f45b

Safari+QuickTime for Windows 7, Vista or XP The file is named: SafariQuickTimeSetup.exe Its SHA-1 digest is: 1273e0ee742a294d65e4f25a9b3e36f79fb517c9

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (Darwin)

iQEcBAEBAgAGBQJOJI45AAoJEGnF2JsdZQeezHQIALKZms5tzYgYxUSdxmo+DmYw up9gAmEVcltZvCeVS1lUxfjqnRiGRSWyuou8Ynt9PfGQCz9GfLvzlrCHc5rsnKaD MeYY1IH7lQc6aqmV0hwb4nUL5qJntP6G5Ai0E/0UiRQNC/ummS+qnmdsiFo78ODY nKaB5cAWhqGHgOAPnUG0JwmxpYgR2HEtGYJSqlYykMwt1vnlAr5hHVNaUJcJ3Hlb vesN6fB7zQMiJVo8+iJBixCvIYlbII5HnVAmD1ToyKgENg4Iguo46YBMVr8DPgF/ KD2s0+VF/O4utYVX0GiRGReVyq1PMvz/HI23ym8U3LjbezXD/AALQET0Q2hUEYQ= =fOfF -----END PGP SIGNATURE----- . ----------------------------------------------------------------------

Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).

Request a free trial: http://secunia.com/products/corporate/vim/

TITLE: Apple iOS Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA42314

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42314/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42314

RELEASE DATE: 2010-11-24

DISCUSS ADVISORY: http://secunia.com/advisories/42314/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/42314/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=42314

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose sensitive information, bypass certain security restrictions, or to compromise a user's system.

For more information: SA40257 SA41328 SA42151 SA42312

SOLUTION: Upgrade to iOS 4.2 (downloadable and installable via iTunes).

ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4456

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

For more information: SA32349 SA33495 SA35095 SA35379 SA35411 SA35449 SA35758 SA36269 SA36677 SA37273 SA37346 SA37769 SA38061 SA38545 SA38932 SA39029 SA39091 SA39384 SA39661 SA39937 SA40002 SA40072 SA40105 SA40112 SA40148 SA40196 SA40257 SA40664 SA40783 SA41014 SA41085 SA41242 SA41328 SA41390 SA41443 SA41535 SA41841 SA41888 SA41968 SA42151 SA42264 SA42290 SA42312 SA42443 SA42461 SA42658 SA42769 SA42886 SA42956 SA43053

SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201011-0051",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "3.1.3"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.4"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.2.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.0"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "iphone os",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.0.0"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.0.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.3"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.5"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.0.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.1.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.0.0"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.8"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "2.0 to  4.1 (iphone 3g after )"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "2.1 to  4.1 (ipod touch (2nd generation) after )"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "3.2 to  3.2.2 (ipad for )"
      },
      {
        "model": "ipad",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "iphone",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "ipod touch",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "45008"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002522"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3829"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-253"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-3829"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mike Cardwell of Cardwell IT Ltd.",
    "sources": [
      {
        "db": "BID",
        "id": "45008"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2010-3829",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2010-3829",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-46434",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2010-3829",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201011-253",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-46434",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46434"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002522"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3829"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-253"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813. WebKit is prone to a security-bypass vulnerability. \nAttackers can  exploit this issue by enticing an unsuspecting user into viewing a  malicious email. \nSuccessful exploits will allow clients to  send requests to attacker-specified servers which helps attackers determine whether the email message was viewed or not. Apple iOS is the most advanced mobile operating system from Apple. Permissions and access control vulnerabilities exist in WebKit in versions prior to Apple iOS 4.2. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6\n\nSafari 5.1 and Safari 5.0.6 are now available and address the\nfollowing:\n\nCFNetwork\nAvailable for:  Windows 7, Vista, XP SP2 or later\nImpact:  Visiting a maliciously crafted website may lead to a cross-\nsite scripting attack\nDescription:  In certain situations, Safari may treat a file as HTML,\neven if it is served with the \u0027text/plain\u0027 content type. This may\nlead to a cross-site scripting attack on sites that allow untrusted\nusers to post text files. This issue is addressed through improved\nhandling of \u0027text/plain\u0027 content. \nCVE-ID\nCVE-2010-1420 : Hidetake Jo working with Microsoft Vulnerability\nResearch (MSVR), Neal Poole of Matasano Security\n\nCFNetwork\nAvailable for:  Windows 7, Vista, XP SP2 or later\nImpact:  Authenticating to a maliciously crafted website may lead to\narbitrary code execution\nDescription:  The NTLM authentication protocol is susceptible to a\nreplay attack referred to as credential reflection. Authenticating to\na maliciously crafted website may lead to arbitrary code execution. \nTo mitigate this issue, Safari has been updated to utilize protection\nmechanisms recently added to Windows. This issue does not affect Mac\nOS X systems. \nCVE-ID\nCVE-2010-1383 : Takehiro Takahashi of IBM X-Force Research\n\nCFNetwork\nAvailable for:  Windows 7, Vista, XP SP2 or later\nImpact:  A root certificate that is disabled may still be trusted\nDescription:  CFNetwork did not properly validate that a certificate\nwas trusted for use by a SSL server. As a result, if the user had\nmarked a system root certificate as not trusted, Safari would still\naccept certificates signed by that root. This issue is addressed\nthrough improved certificate validation. This issue does not affect\nMac OS X systems. \nCVE-ID\nCVE-2011-0214 : An anonymous reporter\n\nColorSync\nAvailable for:  Windows 7, Vista, XP SP2 or later\nImpact:  Viewing a maliciously crafted image with an embedded\nColorSync profile may lead to an unexpected application termination\nor arbitrary code execution\nDescription:  An integer overflow existed in the handling of images\nwith an embedded ColorSync profile, which may lead to a heap buffer\noverflow. Opening a maliciously crafted image with an embedded\nColorSync profile may lead to an unexpected application termination\nor arbitrary code execution. For Mac OS X v10.5 systems, this issue\nis addressed in Security Update 2011-004. \nCVE-ID\nCVE-2011-0200 : binaryproof working with TippingPoint\u0027s Zero Day\nInitiative\n\nCoreFoundation\nAvailable for:  Windows 7, Vista, XP SP2 or later\nImpact:  Applications that use the CoreFoundation framework may be\nvulnerable to an unexpected application termination or arbitrary code\nexecution\nDescription:  An off-by-one buffer overflow issue existed in the\nhandling of CFStrings. Applications that use the CoreFoundation\nframework may be vulnerable to an unexpected application termination\nor arbitrary code execution. For Mac OS X v10.6 systems, this issue\nis addressed in Mac OS X v10.6.8. \nCVE-ID\nCVE-2011-0201 : Harry Sintonen\n\nCoreGraphics\nAvailable for:  Windows 7, Vista, XP SP2 or later\nImpact:  Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  An integer overflow issue existed in the handling of\nType 1 fonts. Viewing or downloading a document containing a\nmaliciously crafted embedded font may lead to arbitrary code\nexecution. For Mac OS X v10.6 systems, this issue is addressed in Mac\nOS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in\nSecurity Update 2011-004. \nCVE-ID\nCVE-2011-0202 : Cristian Draghici of Modulo Consulting, Felix Grobert\nof the Google Security Team\n\nInternational Components for Unicode\nAvailable for:  Windows 7, Vista, XP SP2 or later\nImpact:  Applications that use ICU may be vulnerable to an unexpected\napplication termination or arbitrary code execution\nDescription:  A buffer overflow issue existed in ICU\u0027s handling of\nuppercase strings. Applications that use ICU may be vulnerable to an\nunexpected application termination or arbitrary code execution. For\nMac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. \nCVE-ID\nCVE-2011-0206 : David Bienvenu of Mozilla\n\nImageIO\nAvailable for:  Windows 7, Vista, XP SP2 or later\nImpact:  Viewing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A heap buffer overflow existed in ImageIO\u0027s handling of\nTIFF images. Viewing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution. For\nMac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. \nFor Mac OS X v10.5 systems, this issue is addressed in Security\nUpdate 2011-004. \nCVE-ID\nCVE-2011-0204 : Dominic Chell of NGS Secure\n\nImageIO\nAvailable for:  Windows 7, Vista, XP SP2 or later\nImpact:  Viewing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A heap buffer overflow existed in ImageIO\u0027s handling of\nCCITT Group 4 encoded TIFF images. Viewing a maliciously crafted TIFF\nimage may lead to an unexpected application termination or arbitrary\ncode execution. \nCVE-ID\nCVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies\n\nImageIO\nAvailable for:  Windows 7, Vista, XP SP2 or later\nImpact:  Viewing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A reentrancy issue existed in ImageIO\u0027s handling of\nTIFF images. Viewing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution. This\nissue does not affect Mac OS X systems. \nCVE-ID\nCVE-2011-0215 : Juan Pablo Lopez Yacubian working with iDefense VCP\n\nImageIO\nAvailable for:  Windows 7, Vista, XP SP2 or later\nImpact:  Viewing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A heap buffer overflow existed in ImageIO\u0027s handling of\nTIFF images. Viewing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution. For\nMac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. \nFor Mac OS X v10.5 systems, this issue is addressed in Security\nUpdate 2011-004. \nCVE-ID\nCVE-2011-0204 : Dominic Chell of NGS Secure\n\nlibxslt\nAvailable for:  Windows 7, Vista, XP SP2 or later\nImpact:  Visiting a maliciously crafted website may lead to the\ndisclosure of addresses on the heap\nDescription:  libxslt\u0027s implementation of the generate-id() XPath\nfunction disclosed the address of a heap buffer. Visiting a\nmaliciously crafted website may lead to the disclosure of addresses\non the heap. This issue is addressed by generating an ID based on the\ndifference between the addresses of two heap buffers. For Mac OS X\nv10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac\nOS X v10.5 systems, this issue is addressed in Security Update\n2011-004. \nCVE-ID\nCVE-2011-0195 : Chris Evans of the Google Chrome Security Team\n\nlibxml\nAvailable for:  Windows 7, Vista, XP SP2 or later\nImpact:  Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A one-byte heap buffer overflow existed in libxml\u0027s\nhandling of XML data. Visiting a maliciously crafted website may lead\nto an unexpected application termination or arbitrary code execution. \nCVE-ID\nCVE-2011-0216 : Billy Rios of the Google Security Team\n\nSafari\nAvailable for:  Mac OS X v10.6.8 or later,\nMac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later\nImpact:  If the \"AutoFill web forms\" feature is enabled, visiting a\nmaliciously crafted website and typing may lead to the disclosure of\ninformation from the user\u0027s Address Book\nDescription:  Safari\u0027s \"AutoFill web forms\" feature filled in non-\nvisible form fields, and the information was accessible by scripts on\nthe site before the user submitted the form. This issue is addressed\nby displaying all fields that will be filled, and requiring the\nuser\u0027s consent before AutoFill information is available to the form. \nCVE-ID\nCVE-2011-0217 : Florian Rienhardt of BSI, Alex Lambert, [Jeremiah\nGrossman]\n\nSafari\nAvailable for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\nWindows 7, Vista, XP SP2 or later\nImpact:  With a certain Java configuration, visiting a malicious\nwebsite may lead to unexpected text being displayed on other sites\nDescription:  A cross origin issue existed in the handling of Java\nApplets. This applies when Java is enabled in Safari, and Java is\nconfigured to run within the browser process. Fonts loaded by a Java\napplet could affect the display of text content from other sites. \nThis issue is addressed by running Java applets in a separate\nprocess. \nCVE-ID\nCVE-2011-0219 : Joshua Smith of Kaon Interactive\n\nWebKit\nAvailable for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\nWindows 7, Vista, XP SP2 or later\nImpact:  Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  Multiple memory corruption issues existed in WebKit. \nVisiting a maliciously crafted website may lead to an unexpected\napplication termination or arbitrary code execution. \nCVE-ID\nCVE-2010-1823 : David Weston of Microsoft and Microsoft Vulnerability\nResearch (MSVR), wushi of team509, and Yong Li of Research In Motion\nLtd\nCVE-2011-0164 : Apple\nCVE-2011-0218 : SkyLined of Google Chrome Security Team\nCVE-2011-0221 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam\nCVE-2011-0222 : Nikita Tarakanov and Alex Bazhanyuk of the CISS\nResearch Team, and Abhishek Arya (Inferno) of Google Chrome Security\nTeam\nCVE-2011-0223 : Jose A. Vazquez of spa-s3c.blogspot.com working with\niDefense VCP\nCVE-2011-0225 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam\nCVE-2011-0232 : J23 working with TippingPoint\u0027s Zero Day Initiative\nCVE-2011-0233 : wushi of team509 working with TippingPoint\u0027s Zero Day\nInitiative\nCVE-2011-0234 : Rob King working with TippingPoint\u0027s Zero Day\nInitiative, wushi of team509 working with TippingPoint\u0027s Zero Day\nInitiative, wushi of team509 working with iDefense VCP\nCVE-2011-0235 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam\nCVE-2011-0237 : wushi of team509 working with iDefense VCP\nCVE-2011-0238 : Adam Barth of Google Chrome Security Team\nCVE-2011-0240 : wushi of team509 working with iDefense VCP\nCVE-2011-0253 : Richard Keen\nCVE-2011-0254 : An anonymous researcher working with TippingPoint\u0027s\nZero Day Initiative\nCVE-2011-0255 : An anonymous researcher working with TippingPoint\u0027s\nZero Day Initiative\nCVE-2011-0981 : Rik Cabanier of Adobe Systems, Inc\nCVE-2011-0983 : Martin Barbella\nCVE-2011-1109 : Sergey Glazunov\nCVE-2011-1114 : Martin Barbella\nCVE-2011-1115 : Martin Barbella\nCVE-2011-1117 : wushi of team509\nCVE-2011-1121 : miaubiz\nCVE-2011-1188 : Martin Barbella\nCVE-2011-1203 : Sergey Glazunov\nCVE-2011-1204 : Sergey Glazunov\nCVE-2011-1288 : Andreas Kling of Nokia\nCVE-2011-1293 : Sergey Glazunov\nCVE-2011-1296 : Sergey Glazunov\nCVE-2011-1449 : Marek Majkowski, wushi of team 509 working with\niDefense VCP\nCVE-2011-1451 : Sergey Glazunov\nCVE-2011-1453 : wushi of team509 working with TippingPoint\u0027s Zero Day\nInitiative\nCVE-2011-1457 : John Knottenbelt of Google\nCVE-2011-1462 : wushi of team509\nCVE-2011-1797 : wushi of team509\n\nWebKit\nAvailable for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\nWindows 7, Vista, XP SP2 or later\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  A configuration issue existed in WebKit\u0027s use of\nlibxslt. Visiting a maliciously crafted website may lead to arbitrary\nfiles being created with the privileges of the user, which may lead\nto arbitrary code execution. This issue is addressed through improved\nlibxslt security settings. \nCVE-ID\nCVE-2011-1774 : Nicolas Gregoire of Agarri\n\nWebKit\nAvailable for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\nWindows 7, Vista, XP SP2 or later\nImpact:  Visiting a maliciously crafted website may lead to an\ninformation disclosure\nDescription:  A cross-origin issue existed in the handling of Web\nWorkers. Visiting a maliciously crafted website may lead to an\ninformation disclosure. \nCVE-ID\nCVE-2011-1190 : Daniel Divricean of divricean.ro\n\nWebKit\nAvailable for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\nWindows 7, Vista, XP SP2 or later\nImpact:  Visiting a maliciously crafted website may lead to a cross-\nsite scripting attack\nDescription:  A cross-origin issue existed in the handling of URLs\nwith an embedded username. Visiting a maliciously crafted website may\nlead to a cross-site scripting attack. This issue is addressed\nthrough improved handling of URLs with an embedded username. \nCVE-ID\nCVE-2011-0242 : Jobert Abma of Online24\n\nWebKit\nAvailable for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\nWindows 7, Vista, XP SP2 or later\nImpact:  Visiting a maliciously crafted website may lead to a cross-\nsite scripting attack\nDescription:  A cross-origin issue existed in the handling of DOM\nnodes. Visiting a maliciously crafted website may lead to a cross-\nsite scripting attack. \nCVE-ID\nCVE-2011-1295 : Sergey Glazunov\n\nWebKit\nAvailable for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\nWindows 7, Vista, XP SP2 or later\nImpact:  A maliciously crafted website may be able to cause a\ndifferent URL to be shown in the address bar\nDescription:  A URL spoofing issue existed in the handling of the DOM\nhistory object. A maliciously crafted website may have been able to\ncause a different URL to be shown in the address bar. \nCVE-ID\nCVE-2011-1107 : Jordi Chancel\n\nWebKit\nAvailable for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\nWindows 7, Vista, XP SP2 or later\nImpact:  Subscribing to a maliciously crafted RSS feed and clicking\non a link within it may lead to an information disclosure\nDescription:  A canonicalization issue existed in the handling of\nURLs. Subscribing to a maliciously crafted RSS feed and clicking on a\nlink within it may lead to arbitrary files being sent from the user\u0027s\nsystem to a remote server. This update addresses the issue through\nimproved handling of URLs. \nCVE-ID\nCVE-2011-0244 : Jason Hullinger\n\nWebKit\nAvailable for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\nWindows 7, Vista, XP SP2 or later\nImpact:  Applications that use WebKit, such as mail clients, may\nconnect to an arbitrary DNS server upon processing HTML content\nDescription:  DNS prefetching was enabled by default in WebKit. \nApplications that use WebKit, such a s mail clients, may connect to\nan arbitrary DNS server upon processing HTML content. This update\naddresses the issue by requiring applications to opt in to DNS\nprefetching. \nCVE-ID\nCVE-2010-3829 : Mike Cardwell of Cardwell IT Ltd. \n\n\nNote: Safari 5.1 is included with OS X Lion. \n\n\nSafari 5.1 and Safari 5.0.6 address the same set of security\nissues. Safari 5.1 is provided for Mac OS X v10.6,\nand Windows systems. Safari 5.0.6 is provided for\nMac OS X v10.5 systems. \n\nSafari 5.1 is available via the Apple Software Update\napplication, or Apple\u0027s Safari download site at:\nhttp://www.apple.com/safari/download/\n\nSafari 5.0.6 is available via the Apple Software Update\napplication, or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nSafari for Mac OS X v10.6.8 and later\nThe download file is named: Safari5.1SnowLeopard.dmg\nIts SHA-1 digest is: 2c3cef8e06c5aa586379b1a5fd5cf7b54e8acc24\n\nSafari for Mac OS X v10.5.8\nThe download file is named: Safari5.0.6Leopard.dmg\nIts SHA-1 digest is: ea970375d2116a7b74094a2a7669bebc306b6e6f\n\nSafari for Windows 7, Vista or XP\nThe download file is named: SafariSetup.exe\nIts SHA-1 digest is: d00b791c694b1ecfc22d6a1ec9aa21cc14fd8e36\n\nSafari for Windows 7, Vista or XP from the Microsoft Choice Screen\nThe download file is named: Safari_Setup.exe\nIts SHA-1 digest is: ccb3bb6b06468a430171d9f62708a1a6d917f45b\n\nSafari+QuickTime for Windows 7, Vista or XP\nThe file is named: SafariQuickTimeSetup.exe\nIts SHA-1 digest is: 1273e0ee742a294d65e4f25a9b3e36f79fb517c9\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.9 (Darwin)\n\niQEcBAEBAgAGBQJOJI45AAoJEGnF2JsdZQeezHQIALKZms5tzYgYxUSdxmo+DmYw\nup9gAmEVcltZvCeVS1lUxfjqnRiGRSWyuou8Ynt9PfGQCz9GfLvzlrCHc5rsnKaD\nMeYY1IH7lQc6aqmV0hwb4nUL5qJntP6G5Ai0E/0UiRQNC/ummS+qnmdsiFo78ODY\nnKaB5cAWhqGHgOAPnUG0JwmxpYgR2HEtGYJSqlYykMwt1vnlAr5hHVNaUJcJ3Hlb\nvesN6fB7zQMiJVo8+iJBixCvIYlbII5HnVAmD1ToyKgENg4Iguo46YBMVr8DPgF/\nKD2s0+VF/O4utYVX0GiRGReVyq1PMvz/HI23ym8U3LjbezXD/AALQET0Q2hUEYQ=\n=fOfF\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). \n\nRequest a free trial: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nApple iOS Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA42314\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/42314/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42314\n\nRELEASE DATE:\n2010-11-24\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/42314/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/42314/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42314\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Apple iOS, which can\nbe exploited by malicious people to conduct cross-site scripting and\nspoofing attacks, disclose sensitive information, bypass certain\nsecurity restrictions, or to compromise a user\u0027s system. \n\nFor more information:\nSA40257\nSA41328\nSA42151\nSA42312\n\nSOLUTION:\nUpgrade to iOS 4.2 (downloadable and installable via iTunes). \n\nORIGINAL ADVISORY:\nApple:\nhttp://support.apple.com/kb/HT4456\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nFor more information:\nSA32349\nSA33495\nSA35095\nSA35379\nSA35411\nSA35449\nSA35758\nSA36269\nSA36677\nSA37273\nSA37346\nSA37769\nSA38061\nSA38545\nSA38932\nSA39029\nSA39091\nSA39384\nSA39661\nSA39937\nSA40002\nSA40072\nSA40105\nSA40112\nSA40148\nSA40196\nSA40257\nSA40664\nSA40783\nSA41014\nSA41085\nSA41242\nSA41328\nSA41390\nSA41443\nSA41535\nSA41841\nSA41888\nSA41968\nSA42151\nSA42264\nSA42290\nSA42312\nSA42443\nSA42461\nSA42658\nSA42769\nSA42886\nSA42956\nSA43053\n\nSOLUTION:\nApply updated packages via YaST Online Update or the SUSE FTP server",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-3829"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002522"
      },
      {
        "db": "BID",
        "id": "45008"
      },
      {
        "db": "VULHUB",
        "id": "VHN-46434"
      },
      {
        "db": "PACKETSTORM",
        "id": "103216"
      },
      {
        "db": "PACKETSTORM",
        "id": "96086"
      },
      {
        "db": "PACKETSTORM",
        "id": "97846"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-3829",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "42314",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1024773",
        "trust": 1.9
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-3046",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "43068",
        "trust": 1.2
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0212",
        "trust": 1.1
      },
      {
        "db": "XF",
        "id": "63418",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002522",
        "trust": 0.8
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2010-11-22-1",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-253",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "45008",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-46434",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "103216",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "96086",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "97846",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46434"
      },
      {
        "db": "BID",
        "id": "45008"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002522"
      },
      {
        "db": "PACKETSTORM",
        "id": "103216"
      },
      {
        "db": "PACKETSTORM",
        "id": "96086"
      },
      {
        "db": "PACKETSTORM",
        "id": "97846"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3829"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-253"
      }
    ]
  },
  "id": "VAR-201011-0051",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46434"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:36:17.873000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT4456",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4456"
      },
      {
        "title": "HT4808",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4808"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002522"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46434"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002522"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3829"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://www.securitytracker.com/id?1024773"
      },
      {
        "trust": 1.9,
        "url": "http://secunia.com/advisories/42314"
      },
      {
        "trust": 1.9,
        "url": "http://www.vupen.com/english/advisories/2010/3046"
      },
      {
        "trust": 1.8,
        "url": "http://support.apple.com/kb/ht4456"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2010//nov/msg00003.html"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2011//jul/msg00002.html"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht4808"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/43068"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2011/0212"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63418"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3829"
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/63418"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu781747/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3829"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/products/corporate/evm/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/products/corporate/vim/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1420"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0206"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0235"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0240"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0237"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0200"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0214"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0238"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0201"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0233"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0219"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0234"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0223"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0202"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/safari/download/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0215"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0217"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0204"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0164"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0221"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0216"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0218"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1383"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0225"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3829"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0232"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1823"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/42314/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/42314/#comments"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42314"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43068"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/43068/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/43068/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46434"
      },
      {
        "db": "BID",
        "id": "45008"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002522"
      },
      {
        "db": "PACKETSTORM",
        "id": "103216"
      },
      {
        "db": "PACKETSTORM",
        "id": "96086"
      },
      {
        "db": "PACKETSTORM",
        "id": "97846"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3829"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-253"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-46434"
      },
      {
        "db": "BID",
        "id": "45008"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002522"
      },
      {
        "db": "PACKETSTORM",
        "id": "103216"
      },
      {
        "db": "PACKETSTORM",
        "id": "96086"
      },
      {
        "db": "PACKETSTORM",
        "id": "97846"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3829"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-253"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-11-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-46434"
      },
      {
        "date": "2010-11-22T00:00:00",
        "db": "BID",
        "id": "45008"
      },
      {
        "date": "2010-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-002522"
      },
      {
        "date": "2011-07-21T14:16:35",
        "db": "PACKETSTORM",
        "id": "103216"
      },
      {
        "date": "2010-11-24T11:53:31",
        "db": "PACKETSTORM",
        "id": "96086"
      },
      {
        "date": "2011-01-25T03:59:20",
        "db": "PACKETSTORM",
        "id": "97846"
      },
      {
        "date": "2010-11-26T20:00:03.063000",
        "db": "NVD",
        "id": "CVE-2010-3829"
      },
      {
        "date": "2010-11-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201011-253"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-46434"
      },
      {
        "date": "2010-11-22T00:00:00",
        "db": "BID",
        "id": "45008"
      },
      {
        "date": "2011-07-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-002522"
      },
      {
        "date": "2017-08-17T01:33:02.713000",
        "db": "NVD",
        "id": "CVE-2010-3829"
      },
      {
        "date": "2010-11-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201011-253"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-253"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple iOS of  WebKit In  Mail Vulnerability that bypasses remote image loading settings",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002522"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-253"
      }
    ],
    "trust": 0.6
  }
}

GHSA-X3M3-Q3XC-8M5J

Vulnerability from github – Published: 2022-05-17 02:05 – Updated: 2022-05-17 02:05

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-3829"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-11-26T20:00:00Z",
    "severity": "MODERATE"
  },
  "details": "WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813.",
  "id": "GHSA-x3m3-q3xc-8m5j",
  "modified": "2022-05-17T02:05:13Z",
  "published": "2022-05-17T02:05:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3829"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63418"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42314"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43068"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4456"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4808"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1024773"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/3046"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0212"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2010-3829

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-3829

Aliases

CVE-2010-3829

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-3829",
    "description": "WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813.",
    "id": "GSD-2010-3829",
    "references": [
      "https://www.suse.com/security/cve/CVE-2010-3829.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-3829"
      ],
      "details": "WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813.",
      "id": "GSD-2010-3829",
      "modified": "2023-12-13T01:21:33.703684Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2010-3829",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "43068",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/43068"
          },
          {
            "name": "ADV-2011-0212",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0212"
          },
          {
            "name": "ADV-2010-3046",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/3046"
          },
          {
            "name": "appleios-mail-information-disclosure(63418)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63418"
          },
          {
            "name": "SUSE-SR:2011:002",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
          },
          {
            "name": "42314",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/42314"
          },
          {
            "name": "1024773",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1024773"
          },
          {
            "name": "http://support.apple.com/kb/HT4808",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT4808"
          },
          {
            "name": "http://support.apple.com/kb/HT4456",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT4456"
          },
          {
            "name": "APPLE-SA-2011-07-20-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
          },
          {
            "name": "APPLE-SA-2010-11-22-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2010-3829"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.apple.com/kb/HT4456",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/HT4456"
            },
            {
              "name": "APPLE-SA-2010-11-22-1",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
            },
            {
              "name": "1024773",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1024773"
            },
            {
              "name": "ADV-2010-3046",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/3046"
            },
            {
              "name": "42314",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/42314"
            },
            {
              "name": "ADV-2011-0212",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2011/0212"
            },
            {
              "name": "SUSE-SR:2011:002",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
            },
            {
              "name": "43068",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/43068"
            },
            {
              "name": "http://support.apple.com/kb/HT4808",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT4808"
            },
            {
              "name": "APPLE-SA-2011-07-20-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
            },
            {
              "name": "appleios-mail-information-disclosure(63418)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63418"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-08-17T01:33Z",
      "publishedDate": "2010-11-26T20:00Z"
    }
  }
}

FKIE_CVE-2010-3829

Vulnerability from fkie_nvd - Published: 2010-11-26 20:00 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html	Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html
product-security@apple.com	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
product-security@apple.com	http://secunia.com/advisories/42314
product-security@apple.com	http://secunia.com/advisories/43068
product-security@apple.com	http://support.apple.com/kb/HT4456	Vendor Advisory
product-security@apple.com	http://support.apple.com/kb/HT4808
product-security@apple.com	http://www.securitytracker.com/id?1024773
product-security@apple.com	http://www.vupen.com/english/advisories/2010/3046
product-security@apple.com	http://www.vupen.com/english/advisories/2011/0212
product-security@apple.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/63418
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42314
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43068
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4456	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4808
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1024773
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/3046
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0212
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/63418

Impacted products

Vendor	Product	Version
apple	iphone_os	*
apple	iphone_os	1.0.0
apple	iphone_os	1.0.1
apple	iphone_os	1.0.2
apple	iphone_os	1.1.0
apple	iphone_os	1.1.1
apple	iphone_os	1.1.2
apple	iphone_os	1.1.3
apple	iphone_os	1.1.4
apple	iphone_os	1.1.5
apple	iphone_os	2.0
apple	iphone_os	2.0.0
apple	iphone_os	2.0.1
apple	iphone_os	2.0.2
apple	iphone_os	2.1
apple	iphone_os	2.1.1
apple	iphone_os	2.2
apple	iphone_os	2.2.1
apple	iphone_os	3.0
apple	iphone_os	3.0.1
apple	iphone_os	3.1
apple	iphone_os	3.1.2
apple	iphone_os	3.1.3
apple	iphone_os	3.2
apple	iphone_os	3.2.1
apple	iphone_os	3.2.2
apple	iphone_os	4.0
apple	iphone_os	4.0.1
apple	iphone_os	4.0.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B13B067-2D11-43F0-94BD-770D423498FA",
              "versionEndIncluding": "4.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "863383DA-0BC6-4A96-835A-A96128EC0202",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CFF5BE7-2BF6-48CE-B74B-B1A05383C10F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "51D3BE2B-5A01-4AD4-A436-0056B50A535D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A20F171-79FE-43B9-8309-B18341639FA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "126EF22D-29BC-4366-97BC-B261311E6251",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B3DD7B3-DA4C-4B0A-A94E-6BF66B358B7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A939B80-0AD0-48AF-81A7-370716F56639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D28528CE-4943-4F82-80C0-A629DA3E6702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "12E22AF0-2B66-425A-A1EE-4F0E3B0433E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB34ECBE-33E8-40E1-936B-7800D2525AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "107C59BE-D8CF-4A17-8DFB-BED2AB12388D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813."
    },
    {
      "lang": "es",
      "value": "WebKit en Apple iOS anterior a v4.2 permite a atacantes remotos evitar el ajuste de carga de im\u00e1genes remotas en mensajes a trav\u00e9s de un elemento HTML LINK con una propiedad DNS prefetching, como lo demuestra un mensaje de correo electr\u00f3nico HTML que utiliza un elemento LINK para la funcionalidad X-Confirm-Reading-To, un problema relacionado con CVE-2010-3813."
    }
  ],
  "id": "CVE-2010-3829",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-11-26T20:00:03.063",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://secunia.com/advisories/42314"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://secunia.com/advisories/43068"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT4456"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://support.apple.com/kb/HT4808"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securitytracker.com/id?1024773"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.vupen.com/english/advisories/2010/3046"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.vupen.com/english/advisories/2011/0212"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63418"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42314"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43068"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT4456"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4808"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1024773"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/3046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63418"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-3829 (GCVE-0-2010-3829)

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Tags

Sightings

Nomenclature